Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Various errors in etcd controls #30

Open
aoggz opened this issue Mar 30, 2021 · 0 comments
Open

[Bug] Various errors in etcd controls #30

aoggz opened this issue Mar 30, 2021 · 0 comments

Comments

@aoggz
Copy link

aoggz commented Mar 30, 2021

Describe the bug
Encountering various errors when executing etcd controls (2.*).

Expected behavior
I expect to receive passed/failed/skipped results based on observed system & application state.

Actual behavior

undefined method `empty?' error encountered in controls 2.1, 2.2, 2.4, & 2.5:

...
×  cis-kubernetes-benchmark:2.1: Ensure that the --cert-file and --key-file arguments are set as appropriate (4 failed)
  ×  ["/usr/bin/etcd -name=...\"] is expected to match /--cert-file=/
  ...
  ×  Enviroment variables for Processes /\/usr\/bin\/etcd/ ETCD_CERT_FILE
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000006453908>
   
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005d4c6a0>
  ×  ["/usr/bin/etcd -name=...\"]" to match /--key-file=/
  ...
  ×  Enviroment variables for Processes /\/usr\/bin\/etcd/ ETCD_KEY_FILE
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x000000000643f250>
   
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005d1bb18>
×  cis-kubernetes-benchmark:2.2: Ensure that the --client-cert-auth argument is set to true (2 failed)
  ×  ["/usr/bin/etcd -name=...\"]" to match /--client-cert-auth=true/
  ...
  ×  Enviroment variables for Processes /\/usr\/bin\/etcd/ ETCD_CLIENT_CERT_AUTH
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000006125a10>
   
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005bc9198>
  ...
×  cis-kubernetes-benchmark:2.4: Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (4 failed)
  ×  ["/usr/bin/etcd -name=...\"]" to match /--peer-cert-file=/
  ...
  ×  Enviroment variables for Processes /\/usr\/bin\/etcd/ ETCD_PEER_CERT_FILE 
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000006303e90>

  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005ba25e8>
  ×  ["/usr/bin/etcd -name=...\"] is expected to match /--peer-key-file=/
  ...
  ×  Enviroment variables for Processes /\/usr\/bin\/etcd/ ETCD_PEER_KEY_FILE 
  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005e12378>

  undefined method `empty?' for #<#<Class:0x000000000443df60>:0x0000000005b901b8>
...

The last result in each control is the issue.

Control Source Code Error encountered in control 2.7:

×  cis-kubernetes-benchmark:2.7: Ensure that a unique Certificate Authority is used for etcd
 ×  Control Source Code Error cis-kubernetes-benchmark-1.0.2/controls/2_etcd_node.rb:133
 undefined local variable or method `cis_level' for #<Inspec::Rule:0x0000000005d64138>

Example code

inspec exec https://github.com/dev-sec/cis-kubernetes-benchmark/archive/1.0.2.tar.gz --color --show-progress -i ~/.ssh/id_rsa --chef-license=accept --no-create-lockfile --bastion-user=bastion_user --bastion-host=bastion.dev.com -t=ssh://[email protected]

OS / Environment

Linux ... 3.10.0-1160.15.2.el7.x86_64 #1 SMP Wed Feb 3 15:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Inspec Version

4.26.4

Baseline Version

6a960bc7872df07ee38876c5cb750f6637ff026b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aoggz